do file uploads have to be store before virus scanned?

Quick question guys,

I am trying to configure a virus scanner to scan file uploads by users and am just curious whether they must be stored on the server before being scanned or if you can scan before saving the file? I am running apache 开发者_运维问答on linux with php.

Any advice appreciated.

Uploads go in /tmp, where they should be safe to scan prior to using move_uploaded_file to place them somewhere more permanent.

If you google scan stream for viruses you will find a lot of virus scanners that seem able to scan streams. You are going to need to find a commercial one for it to be effective (I doubt there are any open source ones, but I might be wrong). Viruses are created daily and updates are going to be needed to stay up to date.